1 /* 2 * Copyright (c) 2022-2025 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 /** 17 * @addtogroup AccountIAM 18 * @{ 19 * 20 * @brief Provides account identity and access management. 21 * 22 * Provides the capability to manage the identity and access of the local account. 23 * 24 * @since 8.0 25 * @version 8.0 26 */ 27 28 /** 29 * @file account_iam_client.h 30 * 31 * @brief Declares account iam client interfaces. 32 * 33 * @since 8.0 34 * @version 8.0 35 */ 36 #ifndef OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H 37 #define OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H 38 39 #include <map> 40 #include <mutex> 41 #include <set> 42 #include <vector> 43 44 #include "account_error_no.h" 45 #include "account_iam_client_callback.h" 46 #include "account_iam_info.h" 47 #include "account_permission_manager.h" 48 #include "iaccount_i_a_m.h" 49 50 namespace OHOS { 51 namespace AccountSA { 52 class AccountIAMClient { 53 public: 54 /** 55 * Gets the instance of AccountIAMClient. 56 * @return the instance of AccountIAMClient. 57 */ 58 static AccountIAMClient &GetInstance(); 59 60 /** 61 * @brief Opens session. 62 * @permission ohos.permission.MANAGE_USER_IDM 63 * @param userId - Indicates the user identification. 64 * @param challenge - Indicates the challenge value. 65 * @return error code, see account_error_no.h 66 */ 67 int32_t OpenSession(int32_t userId, std::vector<uint8_t> &challenge); 68 69 /** 70 * @brief Closes session. 71 * @permission ohos.permission.MANAGE_USER_IDM 72 * @param userId - Indicates the user identification. 73 * @return error code, see account_error_no.h 74 */ 75 int32_t CloseSession(int32_t userId); 76 77 /** 78 * @brief Adds credential information. 79 * @permission ohos.permission.MANAGE_USER_IDM 80 * @param userId - Indicates the user identification. 81 * @param credentialInfo - Indicates the credential information. 82 * @param callback - Indicates the callback to get results and acquireInfo. 83 */ 84 void AddCredential( 85 int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback); 86 87 /** 88 * @brief Updates credential. 89 * @permission ohos.permission.MANAGE_USER_IDM 90 * @param userId - Indicates the user identification. 91 * @param credentialInfo - Indicates the credential information. 92 * @param callback - Indicates the callback to get results and acquireInfo. 93 */ 94 void UpdateCredential( 95 int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback); 96 97 /** 98 * @brief Cancels entry with a challenge value. 99 * @permission ohos.permission.MANAGE_USER_IDM 100 * @param userId - Indicates the user identification. 101 * @return error code, see account_error_no.h 102 */ 103 int32_t Cancel(int32_t userId); 104 105 /** 106 * @brief Deletes the user credential information. 107 * @permission ohos.permission.MANAGE_USER_IDM 108 * @param userId - Indicates the user identification. 109 * @param credentialId - Indicates the credential index. 110 * @param authToken - Indicates the authentication token. 111 * @param callback - Indicates the callback to get the deletion result. 112 */ 113 void DelCred(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &authToken, 114 const std::shared_ptr<IDMCallback>& callback); 115 116 /** 117 * @brief Deletes the user with the authentication token. 118 * @permission ohos.permission.MANAGE_USER_IDM 119 * @param userId - Indicates the user identification. 120 * @param authToken - Indicates the authentication token. 121 * @param callback - Indicates the callback to get the deletion result. 122 */ 123 void DelUser(int32_t userId, const std::vector<uint8_t> &authToken, const std::shared_ptr<IDMCallback> &callback); 124 125 /** 126 * @brief Gets authentication information. 127 * @permission ohos.permission.USE_USER_IDM 128 * @param userId - Indicates the user identification. 129 * @param authType - Indicates the authentication type. 130 * @param callback - Indicates the callback to get all registered credential information of 131 * the specified type for the current user. 132 * @return error code, see account_error_no.h 133 */ 134 int32_t GetCredentialInfo(int32_t userId, AuthType authType, const std::shared_ptr<GetCredInfoCallback> &callback); 135 136 /** 137 * @brief Prepare remote auth. 138 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 139 * @param remoteNetworkId - Indicates the remote network id. 140 * @param callback - Indicates the callback for getting result. 141 * @return error code, see account_error_no.h 142 */ 143 int32_t PrepareRemoteAuth( 144 const std::string &remoteNetworkId, const std::shared_ptr<PreRemoteAuthCallback> &callback); 145 146 /** 147 * @brief Executes user authentication. 148 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 149 * @param authOptions - Indicates the AuthOptions. 150 * @param challenge - Indicates the challenge value. 151 * @param authType - Indicates the authentication type. 152 * @param authTrustLevel - Indicates the trust level of authentication result. 153 * @param callback - Indicates the callback to get result and acquireInfo. 154 * @return a context ID for cancellation. 155 */ 156 uint64_t Auth(AuthOptions& authOptions, const std::vector<uint8_t> &challenge, AuthType authType, 157 AuthTrustLevel authTrustLevel, const std::shared_ptr<IDMCallback> &callback); 158 159 /** 160 * @brief Executes user authentication. 161 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 162 * @param authOptions - Indicates the AuthOptions. 163 * @param challenge - Indicates the challenge value. 164 * @param authType - Indicates the authentication type. 165 * @param authTrustLevel - Indicates the trust level of authentication result. 166 * @param callback - Indicates the callback to get result and acquireInfo. 167 * @return a context ID for cancellation. 168 */ 169 uint64_t AuthUser(AuthOptions &authOptions, const std::vector<uint8_t> &challenge, AuthType authType, 170 AuthTrustLevel authTrustLevel, const std::shared_ptr<IDMCallback> &callback); 171 172 /** 173 * @brief Cancels authentication with context ID. 174 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 175 * @param contextID - Indicates the authentication context ID. 176 * @return error code, see account_error_no.h 177 */ 178 int32_t CancelAuth(uint64_t contextId); 179 180 /** 181 * @brief Checks whether the authentication capability is available. 182 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 183 * @param authType - Indicates the credential type for authentication. 184 * @param authTrustLevel - Indicates the trust level of authentication result. 185 * @param status - Indicates a status result. 186 * @return error code, see account_error_no.h 187 */ 188 int32_t GetAvailableStatus(AuthType authType, AuthTrustLevel authTrustLevel, int32_t &status); 189 190 /** 191 * @brief Gets the property based on the specified request information. 192 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 193 * @param userId - Indicates the user identification. 194 * @param request - Indicates the request information, including authentication type, and property type list. 195 * @param callback - Indicates the callback for getting an executor property. 196 * @return void. callback result error code, see account_error_no.h 197 */ 198 void GetProperty( 199 int32_t userId, const GetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback); 200 201 /** 202 * @brief Gets the property based on the specified credential id. 203 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 204 * @param credentialId - Indicates the credential index. 205 * @param keys - Indicates the property type list for getting corresponding information. 206 * @param callback - Indicates the callback for getting an executor property. 207 * @return void. callback result error code, see account_error_no.h 208 */ 209 void GetPropertyByCredentialId(uint64_t credentialId, 210 std::vector<Attributes::AttributeKey> &keys, const std::shared_ptr<GetSetPropCallback> &callback); 211 212 /** 213 * @brief Sets property that can be used to initialize algorithms. 214 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 215 * @param userId - Indicates the user identification. 216 * @param request - Indicates the request information, including authentication type and the key-value to be set. 217 * @param callback - Indicates the callback for getting result. 218 * @return void. callback result error code, see account_error_no.h 219 */ 220 void SetProperty( 221 int32_t userId, const SetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback); 222 223 /** 224 * @brief Get the enrolled id based on the specified information. 225 * @permission ohos.permission.USE_USER_IDM 226 * @param accountId - Indicates the user identification. 227 * @param authType - Indicates the credential type. 228 * @param callback - Indicates the callback for getting result. 229 * @return void. callback result error code, see account_error_no.h 230 */ 231 void GetEnrolledId(int32_t accountId, AuthType authType, const std::shared_ptr<GetEnrolledIdCallback> &callback); 232 233 #ifdef HAS_PIN_AUTH_PART 234 /** 235 * @brief Registers inputer. 236 * @permission ohos.permission.ACCESS_PIN_AUTH 237 * @param inputer - Indicates the password input box callback 238 * @return error code, see account_error_no.h 239 */ 240 ErrCode RegisterPINInputer(const std::shared_ptr<IInputer> &inputer); 241 242 /** 243 * @brief Unregisters inputer. 244 * @permission ohos.permission.ACCESS_PIN_AUTH 245 * @return error code, see account_error_no.h 246 */ 247 ErrCode UnregisterPINInputer(); 248 249 /** 250 * @brief Registers credential inputer by authentication type. 251 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL or ohos.permission.MANAGE_USER_IDM 252 * @param authType - Indicates the authentication type. 253 * @param inputer - Indicates the credential input box callback. 254 * @return error code, see account_error_no.h 255 */ 256 ErrCode RegisterInputer(int32_t authType, const std::shared_ptr<IInputer> &inputer); 257 258 /** 259 * @brief Unregisters credential inputer by authentication type. 260 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL or ohos.permission.MANAGE_USER_IDM 261 * @param authType - Indicates the authentication type. 262 * @return error code, see account_error_no.h 263 */ 264 ErrCode UnregisterInputer(int32_t authType); 265 #endif 266 267 /** 268 * @brief Gets the state of the specified account. 269 * @param userId - Indicates the user identification. 270 * @return the state of the specified account 271 */ 272 IAMState GetAccountState(int32_t userId); 273 274 /** 275 * @brief Sets the authentication subtype of the specified account. 276 * @param userId - Indicates the user identification. 277 * @param authSubType - Indicates the authentication subtype. 278 */ 279 void SetAuthSubType(int32_t userId, int32_t authSubType); 280 281 /** 282 * @brief Gets the authentication subtype of the specified account. 283 * @param userId - Indicates the user identification. 284 * @return the authentication subtype. 285 */ 286 int32_t GetAuthSubType(int32_t userId); 287 288 private: 289 AccountIAMClient() = default; 290 ~AccountIAMClient() = default; 291 DISALLOW_COPY_AND_MOVE(AccountIAMClient); 292 class AccountIAMDeathRecipient : public IRemoteObject::DeathRecipient { 293 public: 294 AccountIAMDeathRecipient() = default; 295 ~AccountIAMDeathRecipient() override = default; 296 void OnRemoteDied(const wptr<IRemoteObject>& remote) override; 297 298 private: 299 DISALLOW_COPY_AND_MOVE(AccountIAMDeathRecipient); 300 }; 301 sptr<IAccountIAM> GetAccountIAMProxy(); 302 void ResetAccountIAMProxy(const wptr<IRemoteObject>& remote); 303 bool GetCurrentUserId(int32_t &userId); 304 uint64_t StartDomainAuth(int32_t userId, const std::shared_ptr<IDMCallback> &callback); 305 #ifdef HAS_PIN_AUTH_PART 306 ErrCode RegisterDomainInputer(const std::shared_ptr<IInputer> &inputer); 307 ErrCode UnregisterDomainInputer(); 308 #endif 309 bool CheckSelfPermission(const std::string &permissionName); 310 311 private: 312 std::mutex mutex_; 313 std::mutex pinMutex_; 314 std::mutex domainMutex_; 315 std::map<int32_t, CredentialItem> credentialMap_; 316 sptr<IAccountIAM> proxy_ = nullptr; 317 sptr<AccountIAMDeathRecipient> deathRecipient_ = nullptr; 318 #ifdef HAS_PIN_AUTH_PART 319 std::shared_ptr<IInputer> pinInputer_ = nullptr; 320 std::shared_ptr<IInputer> domainInputer_ = nullptr; 321 #endif 322 }; 323 } // namespace AccountSA 324 } // namespace OHOS 325 #endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H